Manage Servers On-premises with Microsoft Azure Cloud Services #Azure #Arc #Security #Cloud #AzureMonitor #ASC

Microsoft Azure Arc Servers On-Premises and Azure Cloud Services

Earlier I wrote a blogpost about Microsoft Azure Arc services installation to manage on-premises Servers with Azure Cloud Services, like Azure Monitor and Azure Security Centre from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.

Azure Arc Extensions settings of the Server.

Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and log analytics, second we have installed the dependency Agent for Windows for
insights, Performance and Service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)  

After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.

Managing and maintaining the Connected Machine agent

Azure Arc Insights Performance monitor

The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :

• CPU Utilization
• Available Memory
• Logical disk IOPS
• Logical disk MB/s
• Logical disk Latency
• Max logical disk used %
• Bytes Sent Rate
• Bytes Received Rate

Azure Arc Logs Analytics

Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉

Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server

Here is were the dependency agent comes in, you get a service map of the Server and see the communication lines with other resources. In this picture you see Server Yoda01 a Domain Controller of my MVPLAB.
You can see that there are three Clients are logged on the domain controller.

Microsoft Azure Security Center for Azure Arc Servers

 

One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.

Azure Arc Server in Azure Security Center recommendations Summary

Five security assessments passed the test, but Azure Security assessment has two recommendations one is Medium Risk and one low.

Here you see the Security advise and the Remediation to take action on your Server.

Microsoft Azure Security Center Overview with the Overall Secure Score.

Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

 Here you find More information about Azure Security Center Secure Score

To get your Azure Arc Servers (On-premises) complaint for the business and security, you can use Microsoft Azure Arc Policies

Azure Arc Policies to meet your Compliance state.

Conclusion

Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉

Categories: ARM, Azure, Azure Monitor, Azure Security, Azure Stack, Azure Stack HCI, Containers, Linux, Microsoft Azure, SQL, Uncategorized, Windows 10, Windows Containers, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, WindowsAzure, WindowsInsiders | Tags: ARC, ASC, AzOps, Azure, AzureArc, Azuremonitor, Cloud, HybridCloud, HybridIT, Management, Microsoft, MVPBUZZ, SecOps, Security, winserv | Permalink.

Microsoft Azure ARC for Hybrid Infrastructure Management #Cloud #Azure #Hybrid

Microsoft Azure ARC and Manage your Infrastructure

Azure Arc for servers (preview) allows you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud provider, similarly to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure.

Azure ARC

Generate a script to onboard target machine.
Read more here for connecting hybrid Machine.

Connect hybrid machines to Azure from the Azure portal

The latest Azure ARC 2020 Updates via Microsoft Mechanics with Travis Wright

Categories: Azure, Hyper-V, Linux, Microsoft Azure, SQL, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, WindowsAzure | Tags: ARC, Azure, Cloud, HybridIT, Infrastructure, Microsoft, SQL, winserv | Permalink.

Windows Admin Center Rocks for Managing Hybrid DataCenters #WAC #Azure #Winserv

Microsoft Windows Admin Center for Hybrid IT Management

I really like to work with Microsoft Windows Admin Center for managing my Hybrid workloads Windows Servers in Azure Cloud Services but also our On-premises Servers on Hyper-V and VMware platform. Even our physical Windows Servers can be managed from Windows Admin Center.

You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, including the following:

• Protect virtual machines and use cloud-based backup and disaster recovery (HA/DR) with Azure Site Recovery.
• Track what’s happening across your applications, network and infrastructure with the help of advanced analytics and machine learning in Azure Monitor.
• Simplify network connectivity to Azure with Azure Network Adapter.
• Keep virtual machines up to date with Azure Update Management.

Azure hybrid services work with Windows Servers in the following configurations:

• Stand-alone physical servers and virtual machines (VMs)
• Clusters, including hyper-converged clusters certified by the Azure Stack HCI, and Windows Server Software-Defined (WSSD) programs

I’m working with Windows Admin Center since day one, and you see the hybrid management tool evolving with great new features to make your life as an Administrator more easier. For example you get notifications when there are updates in extensions.

Notification details about update Extensions

When you click on the link “Go to Extensions” you will see the Extensions installed and the Updates which you can install from there.

Here you see an Azure Security Center Extension update.

There are not only Microsoft extensions, but also third party solution extensions and you could build your own extension for your solution. Here you find all the information about Windows Admin Center Extensions

Third Party Windows Admin Center Extensions

Installing a New extension is easy to do, the Azure Cloud Shell (Preview) was the last extension I installed in my Azure MVP Lab to work with. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. Cloud Shell enables access to a browser-based command-line experience built with Azure management tasks in mind. So how does this look in Windows Admin Center?

Install the Azure Cloud Shell (Preview) Extension

You find the Installed Azure Cloud Shell in the pulldown menu of WAC

Copy your code here https://microsoft.com/devicelogin

You will see this screen when you copy-paste the code

When you go back to Windows Admin Center you will see you are connected with Azure Cloud Shell CLI 😉

Azure Cloud Shell in Windows Admin Center

from here you can manage all your Azure Cloud Services via the Azure Cloud Shell CLI with Bash or Powershell.
Here you find more about Microsoft Azure Cloud Shell tools and Features.

you can add an Azure Network Adapter to your on-premises servers to help you securely connect the server to an Azure Virtual Network.

Read more about adding Microsoft Azure Network Adapter (Preview) in the top 10 Features of Windows Server 2019. Nice link speed of 40 Gbps 😉

For Management of your Windows Servers you need some tools and consoles. Windows Admin Center is supporting you to get the Management consoles in one place to do your administration and updates.
The next tree Features are in Windows Admin Center to manage your Windows Server.

Powershell inside WAC of my Domain Controller

Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.
Here you find more information about Windows Commands

Windows Update in Windows Admin Center.

Of course you need to update your Windows Servers, and what I like in WAC is that you get the information if an update needs a reboot before you click on Install Updates. This option is good for my Azure MVP Lab but when you need to update more then 100 Servers, you would do that centrally managed like with Update Management solution in Azure

Windows Remote Desktop in WAC

Remote Desktop is one of the Features of Windows Admin Center, to take over the desktop for installations of Applications for example.

Windows Admin Center got a lot more Features and Tools to Manage your Windows Servers in a Hybrid world.
Like these :

• Storage
• Security
• System Insights
• Scheduled Tasks
• Installing Roles and Features of Windows Server
• Registry
• Processes running on your Windows Server
• Managing and deploying Clusters
• and much More………

You can install the following Resources to Manage with WAC

Windows Admin Center Overview

Conclusion:

Microsoft Windows Admin Center is the New Management tool for your Hybrid IT Management to Controle your Servers for your Business. It got all the Management consoles covered of Windows Servers to manage from one tool.
It’s easy to use and It keeps you Up-to-date of what is happening on your Windows Server but also what is New and updated. With Microsoft Windows Admin Center your are learning on the job and that’s what I Like 😉
Hope you will use Microsoft Windows Admin Center too for your Business, download it here for Free!

Categories: Azure, Azure Monitor, Azure Stack, Containers, Docker, Hyper-V, Microsoft Azure, NanoServer, SQL, Windows 10, Windows Admin Center, Windows Containers, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, WindowsAzure, WindowsInsiders | Tags: AzOps, Azure, Cloud, Containers, HybridCloud, HybridIT, HyperV, Insights, Management, Monitoring, MVPBUZZ, Security, WAC, WindowsAdminCenter, winserv | Permalink.

Get Started with Microsoft #MSOMS Network Performance (Preview)

OMS Network Performance Monitor (Preview)

This blogpost describes how to set-up and use the Network Performance Monitor solution in OMS, which helps you monitor the performance of your networks-in near real-time-to detect and locate network performance bottlenecks. With the Network Performance Monitor solution, you can monitor the loss and latency between two networks, subnets or servers. Network Performance Monitor detects network issues like traffic blackholing, routing errors, and issues that conventional network monitoring methods are not able to detect. Network Performance Monitor generates alerts and notifies as and when a threshold is breached for a network link. These thresholds can be learned automatically by the system or you can configure them to use custom alert rules. Network Performance Monitor ensures timely detection of network performance issues and localizes the source of the problem to a particular network segment or device.+

You can detect network issues with the solution dashboard which displays summarized information about your network including recent network health events, unhealthy network links, and subnetwork links that are facing high packet loss and latency. You can drill-down into a network link to view the current health status of subnetwork links as well as node-to-node links. You can also view the historical trend of loss and latency at the network, subnetwork, and node-to-node level. You can detect transient network issues by viewing historical trend charts for packet loss and latency and locate network bottlenecks on a topology map. The interactive topology graph allows you to visualize the hop-by-hop network routes and determine the source of the problem. Like any other solutions, you can use Log Search for various analytics requirements to create custom reports based on the data collected by Network Performance Monitor.+

The solution uses synthetic transactions as a primary mechanism to detect network faults. So, you can use it without regard for a specific network device’s vendor or model. It works across on-premises, cloud (IaaS), and hybrid environments. The solution automatically discovers the network topology and various routes in your network.+

Typical network monitoring products focus on monitoring the network device (routers, switches etc.) health but do not provide insights into the actual quality of network connectivity between two points, which Network Performance Monitor does.

If you are new with Microsoft Operations Management Suite, you can download here a Free OMS Subscription Plan to try it your Self

When you have added the Microsoft OMS Network Performance Monitor (Preview) to your Dashboard you have to install OMS agents and configure them in an easy way to start the Network Performance solution and getting results.

1. Install OMS Agents.
2. Configure OMS Agents
3. Create your Networks.

1. Install OMS Agents :

In order to work with OMS, OMS agents are required to be installed on all servers of interest.

NPM requires agents to be installed on at least 2 servers to monitor the connectivity between them. We recommend that for every subnet that you want to monitor, select two or more servers and install the agent on them. If you are unsure about the topology of your network, simply install the agents on critical workloads for which you want to monitor the network performance.

Here you can download your OMS Agent for your Server

If you are deploying using SCOM you should ignore step 1 and jump directly to step 2

Once the NPM solution is enabled on your OMS workspace the required management packs for NPM will automatically flow down to the machines that are connected to OMS via SCOM.

In case you want to connect SCOM with OMS but haven’t figured out how to do it yet, click on the link below.
How to Connect SCOM to OMS

2. Configure OMS agents :

Firewall ports are required to be opened on the servers so that the agents can connect to each other.

Run the script without any parameters in a power shell window with administrative privileges. This script creates few registry keys required by NPM and creates windows firewall rules to allow agents to create TCP connections with each other

The port opened by default would be 8084. You have the option of using a custom port by providing the parameter ‘portNumber’ to the script. However, the same port should be used on all the machines where the script is executed.

Note that the script will configure only windows firewall locally. If you have a network firewall you should make sure that it is allowing traffic destined for the TCP port being used by NPM

Run the Powershell script as Administrator on your Servers.

3. Create your Networks :

A ‘Network’ in NPM is a container for a bunch of subnets. The Default network is the container for all the subnets that are not contained in any user defined network. In the most likely case the subnets in your organization will be arranged in more than one network and you should create one or more network to logically group your subnets.

You can create network with any name that meets your business requirements and add the subnets to the network.

Once you have saved the configuration for the first time, the solution will start collecting network data. The process usually takes a while. Once the data has been uploaded you should be able to see the solution dashboard with data and graphs. At this point the setup is complete and you can start using the solution

The OMS Performance Monitor Solution needs time to get the information of your network.

I have only one network in my lab environment

OMS Network Performance Monitor (Preview)

The issue here is that my switches are not IP V6 ready 😦

After a view days analytics you can make your own custom view

Here you can plot network performance issues between two Servers

Everything is fine here 🙂

When something is wrong you can go directly to the View Node Logs.

OMS Log analytics results of your Server

When you have a large network with a lot of HOPS like switches and routers you can see where you have latency :

The OMS NPM solution is still in preview but you can test it in your test environment to learn and get a better network by eliminating your network issues.
When you use the OMS Gateway on-premises you can connect your Servers to Operations Management Suite, here you
find my blogpost for the installation and configuration :

Hybrid IT Connect computers and devices to #MSOMS using the OMS Gateway

Hope this blogpost is useful for you to get your network in Control with Hybrid IT Management of OMS Services.

Categories: Azure, Microsoft Azure, OMS, System Center 2016, Windows Server 2012 R2, Windows Server 2016, WindowsAzure | Tags: Cloud, HybridCloud, HybridIT, Linux, Microsoft, MSOMS, Network, NPM, OMS, SCOM, winserv | Permalink.

What is Operations Management Suite (OMS)? Video #MSOMS #Azure #Sysctr #Linux

Gain control over any hybrid cloud. Manage and protect Azure or AWS, Windows Server or Linux, VMware or OpenStack with Microsoft cost-effective, all-in-one cloud IT management solution.

Try Microsoft Operations Management Suit today by Create a Free Account here

Here you find Microsoft OMS Technical Documentation Overview

Categories: Azure, Azure Security, Azure Stack, Hyper-V, Linux, Microsoft Azure, OMS, SCOM2012, SQL, System Center 2012 R2, System Center 2016, Windows Server 2012 R2, Windows Server 2016, WindowsAzure, WindowsAzurePack | Tags: AWS, Azure, HybridCloud, HybridIT, Linux, Microsoft, MSOMS, sysctr | Permalink.